Typically, a publish/subscribe network is widely used by organizations for event based applications such as supply chain management. In supply chain management, organizations track the product using tags such as Radio Frequency Identification (RFID) tags in order to increase visibility across the supply chain and improve its performance using the publish/subscribe network. The events disseminated in the supply chain application using the publish/subscribe network not only reveal the information necessary to enable the supply chain application, but also reveal additional information about the organization's operation. They may, for example, reveal strategic supplier relationships, planned promotions, best practices, and the like.
Therefore, the method of dissemination of events in the publish/subscribe network raises security concerns, since the events of the supply chain operations are considered sensitive by the organizations. Therefore, restrictive access-control policies are necessary as the events are disseminated in publish/subscribe networks where there is no access control policy enforcement point and also the subscribers may be unknown.
In existing methods, a password or symmetric key is stored on each RFID tag in an encryption scheme that enables accessing events for the particular product. Every party that receives the RFID tag can store the password and can then access events. However, the password needs to be safeguarded. Therefore, the password needs to be encrypted on the RFID tag and stored securely in order to prevent theft. Moreover, the password is not traceable, i.e. if it is leaked, it cannot be determined which party has leaked the password. As a consequence, most publishers may not be inclined to safeguard the password or may even deliberately reveal it to outsiders. Therefore, it is desirable to provide a method which enables secure dissemination of events in the publish/subscribe network.